noos_mbedtls_config.h
1 /***************************************************************************/
35 #ifndef NOOS_MBEDTLS_CONFIG_H
36 #define NOOS_MBEDTLS_CONFIG_H
37 
38 /******************************************************************************/
39 /***************************** User configuration *****************************/
40 /******************************************************************************/
41 
42 /*
43  * For an easy configuration of the mbedtls library only the macros in this user
44  * configuration section should be modified. For more in-depth configuration see
45  * https://tls.mbed.org/ and noos/libraries/mbedtls/includes/config.h
46  */
47 
48 #define MBEDTLS_DEBUG_C
49 #define MBEDTLS_ERROR_C
50 
51 /* Latest TLS version supported by mbedtls */
52 #define ENABLE_TLS1_2
53 
54 /*
55  * Enabled ciphersuites.
56  * Ordered from most preferred to least preferred in terms of security.
57  *
58  * These are the ciphersuites supported by http://test.mosquitto.org
59  * or the local mqtt server: https://mosquitto.org/download
60  * For the moment there are examples only for these servers, but these
61  * ciphersuites should work for other servers too.
62  */
63 
64 //#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384
65 //#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA
66 #define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256
67 //#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256
68 //#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA
69 
70 /* Elliptic curves to be used for the ECDHE key exchange */
71 #define ENABLE_ECP_DP_SECP256R1_ENABLED
72 //#define ENABLE_ECP_DP_SECP384R1_ENABLED
73 
74 /*
75  * Parse certificates in PEM format.
76  * If not defined, only the DER format can be used.
77  * On ADuCM3029 DER is recommended due to memory limitations.
78  */
79 #define ENABLE_PEM_CERT
80 
81 /*
82  * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
83  * If not defined, the default of 16 KB will be used.
84  * 2000 is enough to do the TLS handshake and is not too much for
85  * platforms with memory constraints like the ADuCM3029.
86  */
87 //#define MAX_CONTENT_LEN 2500
88 
89 /*
90  * ENABLE_MEMORY_OPTIMIZATIONS should be defined in case memory
91  * is not enough. This could happen when using a secure connection with
92  * both server and client verification.
93  */
94 #define ENABLE_MEMORY_OPTIMIZATIONS
95 
96 /******************************************************************************/
97 /********************* Minimal tls client requirements ************************/
98 /******************************************************************************/
99 
100 /* Minimal requirements */
101 /* Hardware entropy is used (trng.h) */
102 #define MBEDTLS_NO_PLATFORM_ENTROPY
103 /* Needed in order to use TLS features */
104 #define MBEDTLS_SSL_TLS_C
105 /* TLS Client features */
106 #define MBEDTLS_SSL_CLI_C
107 
108 /*
109  * Define the available ciphersuites. Each is available only if its requirements are met.
110  * The requirements are generated below depending on the user configuration.
111  */
112 #define MBEDTLS_SSL_CIPHERSUITES \
113  MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,\
114  MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,\
115  MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
116  MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\
117  MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
118 
119 /******************************************************************************/
120 /*************** Configuration depending on user input ************************/
121 /******************************************************************************/
122 
123 #ifdef MAX_CONTENT_LEN
124 #define MBEDTLS_SSL_MAX_CONTENT_LEN MAX_CONTENT_LEN
125 #endif
126 
127 #ifdef ENABLE_TLS1_2
128 
129 #define MBEDTLS_SSL_PROTO_TLS1_2
130 
131 /* Enabled key exchange types */
132 #if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \
133  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) || \
134  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
135  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256) || \
136  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA) )
137 
138 /* Enable MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED if one of these ciphersuites is defined */
139 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
140 
141 #endif /* Ciphersuites that use MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
142 #endif /* ENABLE_TLS1_2 */
143 
144 #ifdef ENABLE_MEMORY_OPTIMIZATIONS
145 
146 #define MBEDTLS_AES_ROM_TABLES
147 #define MBEDTLS_ECP_WINDOW_SIZE 2
148 
149 #endif /* ENABLE_MEMORY_OPTIMIZATIONS */
150 
151 #ifdef ENABLE_PEM_CERT
152 
153 #define MBEDTLS_BASE64_C
154 #define MBEDTLS_PEM_PARSE_C
155 
156 #endif /* ENABLE_PEM_CERT */
157 
158 /******************************************************************************/
159 /**************** Solve dependencies needed by modules ************************/
160 /******************************************************************************/
161 
162 /* Dependencies for MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
163 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
164 
165 #define MBEDTLS_RSA_C
166 #define MBEDTLS_BIGNUM_C
167 #define MBEDTLS_OID_C
168 #define MBEDTLS_ECDH_C
169 #define MBEDTLS_ECP_C
170 #define MBEDTLS_PK_C
171 #define MBEDTLS_PK_PARSE_C
172 #define MBEDTLS_PKCS1_V15
173 #define MBEDTLS_ASN1_PARSE_C
174 #define MBEDTLS_X509_USE_C
175 #define MBEDTLS_X509_CRT_PARSE_C
176 
177 #ifdef ENABLE_ECP_DP_SECP256R1_ENABLED
178 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
179 #endif
180 #ifdef ENABLE_ECP_DP_SECP384R1_ENABLED
181 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
182 #endif
183 
184 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
185 
186 #ifdef MBEDTLS_SSL_TLS_C
187 #define MBEDTLS_MD_C
188 #define MBEDTLS_CIPHER_C
189 #endif /* MBEDTLS_SSL_TLS_C */
190 
191 #if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384) ||\
192  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) ||\
193  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA) ||\
194  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256) ||\
195  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256) )
196 
197 # define MBEDTLS_AES_C
198 
199 # if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) || \
200  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA) || \
201  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256) )
202 # define MBEDTLS_CIPHER_MODE_CBC
203 # if defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
204 # define MBEDTLS_SHA256_C
205 # endif
206 # if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) || \
207  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA))
208 # define MBEDTLS_SHA1_C
209 # endif
210 # endif
211 
212 # if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
213  defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384))
214 # define MBEDTLS_GCM_C
215 # if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256))
216 # define MBEDTLS_SHA256_C
217 # endif
218 # if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384))
219 # define MBEDTLS_SHA512_C
220 # endif
221 # endif
222 
223 #endif
224 
225 #ifdef MBEDTLS_SSL_PROTO_TLS1_2
226 #if (!defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA256_C) &&\
227  !defined(MBEDTLS_SHA1_C))
228 #define MBEDTLS_SHA256_C
229 #endif
230 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
231 
232 /* Check that the configuration is consistent */
233 #include "mbedtls/check_config.h"
234 
235 #endif /* NOOS_MBEDTLS_CONFIG_H */